Security

Reply
New Contributor

SSL Certificate Installation on Internal Captive Portal

We just purchased some 310s.

 

We have setup Captive Portal for our Public WiFi network.

 

We found that when Captive Portal is enabled, public clients receive SSL browser warnings.

 

I understand that this is due to the fact that the Captive Portal is using a self-signed certificate.

 

Our Captive Portal page is just an "accept" page, no user credentials are exchanged.

 

Ideally, we would just disable HTTPS on the Captive Portal page.  However, according to this forum post, https://community.arubanetworks.com/t5/Wireless-Access/Disable-HTTPS-on-Aruba-IAP-305-Captive-Portal/m-p/496913#M87648, there isn't a way to disable HTTPS on the Instant products.

 

So, I turn to installing a purchased certificate that browsers will 'accept.'

 

I found this post detailing how to install a certificate:

 

https://community.arubanetworks.com/t5/Controllerless-Networks/Virtual-Controller-Captive-Portal-SSL-Certificate-Options/td-p/283625

 

My question involves the installation of the certificate.

 

It sounds like I can create a CSR for a domain like public.ourdomain.com using a Windows PC.  I can then purchase a certificate for public.ourdomain.com.  Once I have converted the purchased certificate into a pem file, I can upload the pem file into the controller.  This certificate will be shared across all APs.  Once the purchased certificate is installed, public clients will load the public.ourdomain.com Captive Portal page without errors. 

 

Is this accurate?

 

If so, do I need to setup any DNS entries for the public.ourdomain.com?  Or add the public.ourdomain.com to the controller?  Or will the controller automatically 'know' to use the new domain name when it brings up the captive portal page with the newly purchased certificate?

 

Thanks for your help.

Aruba Employee

Re: SSL Certificate Installation on Internal Captive Portal

yes when you install a HTTPS public cert on the virtual conroller (VC) it will get installed throughout that instant cluster.

 

then when you are using it for Captive portal, you should not get any warnings about trusting the cert. and you should have a valid DNS entry for your domain as well.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: